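#!/bin/bash
# Copyright 2022, Stefan Schlesinger
#
# Coraza Core Ruleset Downloader
# - download, manage and activate local copies of CRS versions
#
# Usage:
#   coraza-ruleloader 4.0.0-rc1
#   coraza-ruleloader 4.0.0-rc1 /etc/coraza
#
# Arguments:
#   $1 - CRS version: the upstream release tag without its leading "v"
#        (default: 4.0.0-rc1)
#   $2 - base directory (default: "coraza", relative to the current directory)
#
# Uses the following directory structure:
#
#   /etc/coraza/corerulesets/4.0.0-rc1
#   /etc/coraza/corerulesets/4.0.0-rc1/crs-setup.conf
#   /etc/coraza/corerulesets/4.0.0-rc1/rules
#   /etc/coraza/corerulesets/4.0.0-rc1/plugins
#   /etc/coraza/corerulesets/3.3.2
#   /etc/coraza/corerulesets/3.3.2/crs-setup.conf
#   /etc/coraza/corerulesets/3.3.2/rules
#   /etc/coraza/rules -> corerulesets/4.0.0-rc1/rules
#   /etc/coraza/crs-setup.conf -> corerulesets/4.0.0-rc1/crs-setup.conf
#
# Security notes:
#   - The version argument is placed into a filesystem path and into the
#     download URL, so it is restricted to a single, plain path component.
#   - The archive is fetched over HTTPS only, but it is NOT checked against a
#     checksum or signature. The rules it contains decide what the WAF blocks,
#     so verify the release out of band before activating it in production.
#

set -eo pipefail

CORERULESET_VERSION=${1:-4.0.0-rc1}
TARGET_BASE="${2:-coraza}"

# Reject anything that is not a plain tag-like token. Without this, a value
# such as "../../x" would make TARGET_DIR point outside of corerulesets/.
version_pattern='^[0-9A-Za-z][0-9A-Za-z._-]*$'
if [[ ! "${CORERULESET_VERSION}" =~ ${version_pattern} ]]; then
  printf 'ERROR: Invalid ruleset version: %s\n' "${CORERULESET_VERSION}" >&2
  exit 1
fi

TARGET_DIR="${TARGET_BASE}/corerulesets/${CORERULESET_VERSION}"

# Scratch directory created by crs_download; empty until then.
SCRATCH=""

# Remove the scratch directory on every exit path, not only on signals.
# The signal traps exit explicitly: a handler that merely returns would let
# the script carry on with a deleted scratch directory.
trap cleanup EXIT
trap 'exit 1' HUP INT QUIT TERM

#######################################
# Download and unpack the requested CRS release into a fresh scratch dir.
# Globals:   CORERULESET_VERSION (read), SCRATCH (written)
# Outputs:   error message on stderr when the download or unpack fails
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
crs_download() {
  local url="https://github.com/coreruleset/coreruleset/archive/refs/tags/v${CORERULESET_VERSION}.tar.gz"

  SCRATCH=$(mktemp -d)

  # -f: treat HTTP errors (e.g. 404 for an unknown tag) as failures instead of
  #     piping the error page into tar.
  # --proto/--proto-redir: never leave HTTPS, even when following redirects.
  # --no-same-owner: do not apply archive-supplied ownership when run as root.
  # tar's stderr stays suppressed as before; curl reports its own errors (-S).
  # NOTE: no checksum/signature verification happens here (see file header).
  if ! curl -fsSL --proto '=https' --proto-redir '=https' "${url}" \
    | tar -xz --no-same-owner --strip-components 1 -C "${SCRATCH}" 2>/dev/null; then
    echo "ERROR: Unable to download ${url}" >&2
    exit 1
  fi
}

#######################################
# Move the unpacked ruleset from the scratch dir into TARGET_DIR.
# Globals:   SCRATCH (read), TARGET_DIR (read)
# Outputs:   status message on stderr
#######################################
crs_install() {
  mkdir -p -- "${TARGET_DIR}"
  mv -- "${SCRATCH}/crs-setup.conf.example" "${TARGET_DIR}/crs-setup.conf"
  mv -- "${SCRATCH}/rules" "${TARGET_DIR}"
  # Not every release ships a plugins directory.
  if [[ -d "${SCRATCH}/plugins" ]]; then
    mv -- "${SCRATCH}/plugins" "${TARGET_DIR}"
  fi
  echo "Loaded ruleset to ${TARGET_DIR}" 1>&2
}

#######################################
# Point the rules, crs-setup.conf and plugins links in TARGET_BASE at the
# selected version. Changes the working directory to TARGET_BASE.
# Globals:   TARGET_BASE (read), CORERULESET_VERSION (read)
# Outputs:   success message on stdout
#######################################
crs_activate() {
  local active="corerulesets/${CORERULESET_VERSION}"

  cd -- "${TARGET_BASE}"
  # One-argument form of ln: the link is created in the current directory
  # under the target's base name, as a relative link.
  ln -sf -- "${active}/rules"
  ln -sf -- "${active}/crs-setup.conf"
  if [[ -d "${active}/plugins" ]]; then
    ln -sf -- "${active}/plugins"
  else
    # Drop a link left over from a previously active version with plugins.
    rm -f -- plugins
  fi
  echo "SUCCESS: Activated ${active}"
}

#######################################
# Remove the scratch directory if one was created. Safe to call repeatedly.
# Globals:   SCRATCH (read)
# Returns:   always 0, so a direct call cannot abort the script under set -e
#######################################
cleanup() {
  if [[ -n "${SCRATCH:-}" && -d "${SCRATCH}" ]]; then
    rm -rf -- "${SCRATCH}"
  fi
  return 0
}

# The previous check captured the (redirected, hence always empty) output of
# `which`, so it could never report a missing curl. Test the exit status.
if ! command -v curl >/dev/null 2>&1; then
  echo "ERROR: Please install the curl command" >&2
  exit 1
fi

if [[ ! -d "${TARGET_DIR}" ]]; then
  echo "Ruleset not found, attemting download from Github." 1>&2
  # Separate statements instead of `a && b`: set -e is ignored inside the
  # left-hand side of an && list, which would hide failures in crs_download.
  crs_download
  crs_install
fi
# NOTE(review): crs_activate is defined above but not called up to this point;
# confirm that it is invoked further down.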